Linux Password reveal
Hi,
I just discover how a Linux password is formed. This information is useful for those who have to write a piece of code for their software to either match user authentication or make new user from their script. Though Linux Provide PAM for the purpose, but for me configuring PAM for you application that can generate its password itself is not useful. But its recommended as its General application and if in future Linux authentication method or password saving change you can easily adopt to it.
Anyways, here is where we store User information in linux
/etc/passwd
and here we store its password
/etc/shadow
now shadow file has column seperated by [ : ] colons
like
sumit:$1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs.:13316:0:99999:7:::
in this it tells there is a user call sumit with password as $1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs.
This password is divided in Three parts seperated by $ (dollar) sign.
$1 is indication of fact taht its an MD5 crypted password
$YgUxVnSK is the salt use to crypt the password
$/Y/QjCfBDyoZriQ7oQnxs. is the password
But these values are read without $ sign :o)
So if you need to make a linux password simple take a Salt for your Password encryption and crypt your password with it and than append $1 with both values and write it in Shadow file.. simple
in PHP its quite simple to do ...just call crypt function with out any salt
like
$password= crypt("mypassword");
And in PERL you need to ensure a random salt as crypt function of perl produce different result on windows and on Linux :o(
in windows machine crypt function call will be
$password= crypt("mypassword","");
produce some thing like
/Y/QjCfBDyoZriQ7oQnxs.
where as in linux it will be full linux password style
Hope I am clear in telling linux password, as programmer you don't need to know more on this...
Sumit Gupta
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home